Merge pull request #447 from KeyboardNerd/ancestry_

API: change api port to api addr, rename RunV2 to Run.
2017-08-18 18:29:01 -04:00 · 2017-08-18 18:29:01 -04:00 · 355f1e6d98
commit 355f1e6d98
parent d5b987440a dc8704a961
6 changed files with 49 additions and 31 deletions
--- a/api/api.go
+++ b/api/api.go
@ -20,7 +20,6 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
-	"strconv"
 	"time"

 	log "github.com/sirupsen/logrus"
@ -35,13 +34,13 @@ const timeoutResponse = `{"Error":{"Message":"Clair failed to respond within the

 // Config is the configuration for the API service.
 type Config struct {
-	GrpcPort                  int
-	HealthPort                int
+	Addr                      string
+	HealthAddr                string
 	Timeout                   time.Duration
 	CertFile, KeyFile, CAFile string
 }

-func RunV2(cfg *Config, store database.Datastore) {
+func Run(cfg *Config, store database.Datastore) {
 	tlsConfig, err := tlsClientConfig(cfg.CAFile)
 	if err != nil {
 		log.WithError(err).Fatal("could not initialize client cert authentication")
@ -49,7 +48,7 @@ func RunV2(cfg *Config, store database.Datastore) {
 	if tlsConfig != nil {
 		log.Info("main API configured with client certificate authentication")
 	}
-	v3.Run(cfg.GrpcPort, tlsConfig, cfg.CertFile, cfg.KeyFile, store)
+	v3.Run(cfg.Addr, tlsConfig, cfg.CertFile, cfg.KeyFile, store)
 }

 func RunHealth(cfg *Config, store database.Datastore, st *stopper.Stopper) {
@ -60,13 +59,13 @@ func RunHealth(cfg *Config, store database.Datastore, st *stopper.Stopper) {
 		log.Info("health API service is disabled.")
 		return
 	}
-	log.WithField("port", cfg.HealthPort).Info("starting health API")
+	log.WithField("addr", cfg.HealthAddr).Info("starting health API")

 	srv := &graceful.Server{
 		Timeout:          10 * time.Second, // Interrupt health checks when stopping
 		NoSignalHandling: true,             // We want to use our own Stopper
 		Server: &http.Server{
-			Addr:    ":" + strconv.Itoa(cfg.HealthPort),
+			Addr:    cfg.HealthAddr,
 			Handler: http.TimeoutHandler(newHealthHandler(store), cfg.Timeout, timeoutResponse),
 		},
 	}
--- a/api/v3/server.go
+++ b/api/v3/server.go
@ -17,7 +17,6 @@ package v3
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
 	"net"
 	"net/http"
 	"strconv"
@ -147,11 +146,11 @@ func servePrometheus(mux *http.ServeMux) {
 	mux.Handle("/metrics", prometheus.Handler())
 }

-// Run initializes grpc and grpc gateway api services on the same port
-func Run(GrpcPort int, tlsConfig *tls.Config, CertFile, KeyFile string, store database.Datastore) {
-	l, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", GrpcPort))
+// Run initializes grpc and grpc gateway api services on the same address
+func Run(Addr string, tlsConfig *tls.Config, CertFile, KeyFile string, store database.Datastore) {
+	l, err := net.Listen("tcp", Addr)
 	if err != nil {
-		log.WithError(err).Fatalf("could not bind to port %d", GrpcPort)
+		log.WithError(err).Fatalf("could not listen to address" + Addr)
 	}
 	log.WithField("addr", l.Addr().String()).Info("starting grpc server")

--- a/cmd/clair/config.go
+++ b/cmd/clair/config.go
@ -67,8 +67,8 @@ func DefaultConfig() Config {
 			EnabledListers:   featurefmt.ListListers(),
 		},
 		API: &api.Config{
-			HealthPort: 6061,
-			GrpcPort:   6060,
+			HealthAddr: "0.0.0.0:6061",
+			Addr:       "0.0.0.0:6060",
 			Timeout:    900 * time.Second,
 		},
 		Notifier: &notification.Config{
--- a/cmd/clair/main.go
+++ b/cmd/clair/main.go
@ -143,7 +143,7 @@ func Boot(config *Config) {
 	go clair.RunNotifier(config.Notifier, db, st)

 	// Start API
-	go api.RunV2(config.API, db)
+	go api.Run(config.API, db)

 	st.Begin()
 	go api.RunHealth(config.API, db, st)
--- a/config.yaml.sample
+++ b/config.yaml.sample
@ -25,18 +25,19 @@ clair:
      # Number of elements kept in the cache
      # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
      cachesize: 16384
+
      # 32-bit URL-safe base64 key used to encrypt pagination tokens
      # If one is not provided, it will be generated.
      # Multiple clair instances in the same cluster need the same value.
      paginationkey: 

  api:
-    # v3 grpc/RESTful API server port
-    grpcport : 6060
+    # v3 grpc/RESTful API server address
+    addr: "127.0.0.1:6060"

-    # Health server port
+    # Health server address
    # This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
-    healthport: 6061
+    healthaddr: "0.0.0.0:6061"

    # Deadline before an API request will respond with a 503
    timeout: 900s
--- a/contrib/k8s/config.yaml
+++ b/contrib/k8s/config.yaml
@ -25,23 +25,23 @@ clair:
      # Number of elements kept in the cache
      # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
      cachesize: 16384
+      
+      # 32-bit URL-safe base64 key used to encrypt pagination tokens
+      # If one is not provided, it will be generated.
+      # Multiple clair instances in the same cluster need the same value.
+      paginationkey: 

  api:
-    # API server port
-    port: 6060
+    # v3 grpc/RESTful API server address
+    addr: "0.0.0.0:6060"

-    # Health server port
+    # Health server address
    # This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
-    healthport: 6061
+    healthaddr: "0.0.0.0:6061"

    # Deadline before an API request will respond with a 503
    timeout: 900s

-    # 32-bit URL-safe base64 key used to encrypt pagination tokens
-    # If one is not provided, it will be generated.
-    # Multiple clair instances in the same cluster need the same value.
-    paginationkey:
-
    # Optional PKI configuration
    # If you want to easily generate client certificates and CAs, try the following projects:
    # https://github.com/coreos/etcd-ca
@ -51,10 +51,29 @@ clair:
    keyfile:
    certfile:

+  worker:
+    namespace_detectors:
+      - os-release
+      - lsb-release
+      - apt-sources
+      - alpine-release
+      - redhat-release
+
+    feature_listers:
+      - apk
+      - dpkg
+      - rpm
+
  updater:
    # Frequency the database will be updated with vulnerabilities from the default data sources
    # The value 0 disables the updater entirely.
    interval: 2h
+    enabledupdaters: 
+      - debian
+      - ubuntu
+      - rhel
+      - oracle
+      - alpine

  notifier:
    # Number of attempts before the notification is marked as failed to be sent
@ -72,9 +91,9 @@ clair:
      # https://github.com/cloudflare/cfssl
      # https://github.com/coreos/etcd-ca
      servername:
-      cafile:
-      keyfile:
-      certfile:
+      cafile: 
+      keyfile: 
+      certfile: 

      # Optional HTTP Proxy: must be a valid URL (including the scheme).
      proxy: